129: Synthesize all the Things!
Coming up this week, we will be talking to John Marino about his work on the ports-mgmt utility “Synth” and the cross-pollination between DragonFly and FreeBSD. That plus the latest news and your email here on
Headlines
- You have likely already heard about CVE-2015-7547
- “A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library.”
- “Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.”
- More details from Google’s Online Security team blog
- “Naturally, people have started asking whether FreeBSD is affected. The FreeBSD Security Officer has not yet released an official statement, but in the meantime, here is a brief look at the issue as far as FreeBSD is concerned.”
- “First of all: neither FreeBSD itself nor native FreeBSD applications are affected. While the resolver in FreeBSD’s libc and GNU libc share a common parentage, the bug was introduced when the latter was rewritten to send A and AAAA queries in parallel rather than sequentially when the application requests both.”
- The same most likely applies to the other BSDs
- “However, Linux applications running under emulation on a FreeBSD system use the GNU libc and are therefore vulnerable unless patched.”
- A patch to update emulation/linux_base-c6 has been prepared and should be committed soon
- Running ‘pkg audit’ will list any known vulnerable packages installed on your system
- “The issue can be mitigated by only using resolvers you trust, and configuring them to avoid sending responses which can trigger the bug.”
- “If you already have your own resolvers, you can configure them to avoid sending UDP responses larger than 2048 bytes. If the response does not fit in 2048 bytes, the server will send a truncated response, and the client should retry using TCP. While a similar bug exists in the code path for TCP requests, I believe that it can only be exploited by a malicious resolver, and interposing your own resolver will protect affected Linux systems and applications.”
- Dag-Erling’s blog post also includes instructions and configuration examples for locking down your resolver, or setting up your own resolver if you don’t have one already
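As an added illustration of the mitigation described above (not taken from Dag-Erling's post or the FreeBSD project), this is an Unbound `unbound.conf` fragment that caps UDP responses at 2048 bytes so oversized answers are truncated and clients fall back to TCP; the interface address and allowed network are placeholder values.

```conf
server:
    # Placeholder listen address and client network; adjust for your site.
    interface: 192.0.2.53
    access-control: 192.0.2.0/24 allow

    # Mitigation for CVE-2015-7547: never send a UDP response larger than
    # 2048 bytes. Larger answers get the TC (truncated) flag and the client
    # retries over TCP, which keeps the vulnerable UDP path from being hit.
    # (Unbound's default at the time was 4096.)
    max-udp-size: 2048

    # Unbound's own upstream queries are unaffected by max-udp-size; this
    # limits only what it advertises to authoritative servers.
    edns-buffer-size: 4096
```

To confirm the cap is in effect, query the resolver for a record with a large answer using `dig +bufsize=4096 @192.0.2.53 ...` and check that the response shows the `tc` flag and a `MSG SIZE` of 2048 bytes or less before dig retries over TCP.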
***
- The OpenBSD foundation has announced their 2016 fundraising campaign, and set the goal of raising $250k for the year.
- While they mention that fundraising for 2015 didn’t hit 2014’s blockbuster numbers, it still exceeded the goal set, with an almost equal mix of corporate and community donors.
‘Our goal for 2016 is to increase the amount of support we offer for development, without compromising our regular support for the projects. We would like to:
Plan and